Ransomware known as “WannaCry”

The following information is a copy/paste of a bulletin we received The Department for Homeland Security and US-CERT. This is necessarily long, but does not contain the full bulletin due to its technical nature.

Please please take this seriously. You could lose your Word Documents, i.e. homework, portfolios, research papers etc, Excel Documents, Power Point files, Publisher files, digital memories (a/k/a family photos and movies) and any other data. If you have not made a backup of your data lately please do so NOW and then remove that external drive or media from your PC immediately. Here is another link to a different article on backup.

If you need assistance in taken precautionary steps please let us know.

Now the bulletin….

TA17-132A: Indicators Associated With WannaCry Ransomware

Initial Analysis

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.

The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim’s account in order to access the IPC$ share.

This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.

Impact

Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

Recommended Steps for Prevention

  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.

· Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.

· Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.

· Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.

· Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.

· Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.

· Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.

  • Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
  • Test your backups to ensure they work correctly upon use.

Recommended Steps for Remediation

  • Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup.

Defending Against Ransomware Generally

Precautionary measures to mitigate ransomware threats include:

  • Ensure anti-virus software is up-to-date.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patches for your operating system and Web browser.
Advertisements

Microsoft FINALLY Ending Support for Windows Vista

I know this may come as a surprise to many of you but there are still a little over 11 million PC’s still running Vista.

The following notice appeared on data security site and I thought I would share with all of my readers.

Thursday, May 4, 2017

Microsoft Ending Support for Windows Vista

Original release date: March 17, 2017

All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:

  • Security updates,
  • Non-security hotfixes,
  • Free or paid assisted support options, or
  • Online technical content updates from Microsoft.

Computers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft’s Vista support and product lifecycle articles.

A Dangerously Convincing Google Docs Phishing Scam…..

A Dangerously Convincing Google Docs Phishing Scam Is Spreading Like Crazy

“Oh God, a hacker’s on the loose with a new (but familiar) Google Docs phishing scam, and journalists (among many others) are in the crosshairs.” – Adam Clark Estes

Please read the whole story…

But, if you don’t have time, just do this ….. IGNORE ANY NOTICES ABOUT SOMEONE YOU DON’T KNOW SHARING GOOGLE DOC’S WITH YOU!

Dennis

What Is 5G? Everything You Need to Know. – Entrepreneur.com

What Is 5G? Everything You Need to Know. – http://www.pcmag.com/article/345387/what-is-5g

I am posting this from e-mail so I do not know if the link above will work, but hopefully it will. This link will take you to an article explaining what 5G wireless is and is not, in layman’s terms. The author does a good job of "splaining," in non-tech terms.

The bottom-line is this….don’t believe the wireless carrier’s claims of 5G service this year. It cannot happen yet…no matter what they advertise.

Read the article for more details. I am kind of excited now that I’ve learned more about the changes coming with 5G…it’s much more than simply faster speeds.

Dennis "MetroPCS Fan" Wilson

System Administrator Appreciation Day is Coming!

July 28, 2017 – 18th Annual

System Administrator
Appreciation Day

Your network is secure, your computer is up and running, and your printer is jam-free. Why? Because you’ve got an awesome sysadmin (or maybe a whole IT department) keeping your business up and running. So say IT loud; say IT proud …

Happy SysAdmin Day!

Wait… what exactly is SysAdmin Day? Oh, it’s only the single greatest 24 hours on the planet… and pretty much the most important holiday of the year. It’s also the perfect opportunity to pay tribute to the heroic men and women who, come rain or shine, prevent disasters, keep IT secure and put out tech fires left and right.

At this point, you may be thinking, “Great. I get it. My sysadmin is a rock star. But now what?” Glad you asked! Proper observation of SysAdmin Day includes (but is not limited to):

  • Cake & Ice cream
  • Pizza
  • Cards
  • Gifts
  • Words of gratitude
  • Custom t-shirts celebrating the epic greatness of your SysAdmin
  • Balloons
  • Confetti
  • Did I say gifts

Click on the link for more info.